fd is a file descriptor that designates
the stream to which stream manipulation operations are to be applied.

rflag is a bitmask that indicates
the mode in which script is to be interpreted.

rflag takes two values, NORUN
and NOASSIGN, which may be OR'd. If rflag is zero, all commands in the configuration script are eligible
to be interpreted. If rflag has the NOASSIGN bit set, the assign command is considered illegal
and generates an error return. If rflag has the NORUN bit set, the run and runwait
commands are considered illegal and generates error returns.

If a command in the script fails, the interpretation of the script ceases
at that point and a positive integer is returned. This number indicates which
line in the script failed. If a system error occurs, a value of -1 is returned.

If a script fails, the process with the environment being established
should not be started.

In the following example, doconfig() is used to interpret
a per-service configuration script.

Per-System Configuration File

The per-system configuration file, /etc/saf/_sysconfig,
is delivered empty. You can use it to customize the environment for all services
on the system by writing a command script in the interpreted language. This
language is described in this chapter and on the doconfig(3NSL) man page.
When the SAC is started, it calls the doconfig() function
to interpret the per-system configuration script. The SAC is started when
the system enters multiuser mode.

Per-Port Monitor Configuration Files

Per-port monitor configuration scripts (/etc/saf/pmtag/_config) are optional. They enable you to customize the environment for
any given port monitor and for the services that are available through the
ports for which that port monitor is responsible. Per-port monitor configuration
scripts are written in the same language that is used for per-system configuration
scripts.

The per-port monitor configuration script is interpreted when the port
monitor is started. The port monitor is started by the SAC after the SAC has
itself been started and after it has run its own configuration script, /etc/saf/_sysconfig.

Per-Service Configuration Files

Per-service configuration files enable you to customize the environment
for a specific service. For example, a service might require special privileges
that are not available to the general user. Using the language described in
the doconfig(3NSL)
man page, you can write a script that grants or limits such special privileges
to a particular service offered through a particular port monitor.

The per-service configuration might override defaults provided by higher-level
configuration scripts. For example, the per-service configuration script might
specify a set of STREAMS modules other than the default set.

Configuration Language

The language in which configuration scripts are written consists of
a sequence of commands, each of which is interpreted separately. The following
reserved keywords are defined: assign, push, pop, runwait, and run. The
comment character is #. Blank lines are not significant.
No line in a command script can exceed 1024 characters.

assign Keyword

The assign keyword is used to define environment
variables.

assign variable=value

variable is the name of the environment variable
and value is the value to be assigned to it. The value
assigned must be a string constant. No form of parameter substitution is available. value can be quoted. The quoting rules are those that the shell
uses for defining environment variables. assign fails if
space cannot be allocated for the new variable or if any part of the specification
is invalid.

push Keyword

The push keyword is used to push STREAMS modules
onto the stream designated by fd.
See the doconfig(3NSL)
man page.

push module1[, module2, module3, ...]

module1 is the name of the first module to
be pushed, module2 is the name of the second module
to be pushed, and so on. The command fails if any of the named modules cannot
be pushed. If a module cannot be pushed, the subsequent modules on the same
command line are ignored and modules that have already been pushed are popped.

pop Keyword

The pop keyword is used to pop STREAMS modules off
the designated stream.

pop [module]

If pop is invoked with no arguments, the top module
on the stream is popped. If an argument is given, modules are popped one at
a time until the named module is at the top of the stream. If the named module
is not on the designated stream, the stream is left as it was and the command
fails. If module is the special keyword ALL, then all modules on the stream are popped. Note that only modules
above the topmost driver are affected.

runwait Keyword

The runwait keyword runs a command and waits for
it to complete.

runwait command

command is the path name of the command to
be run. The command is run with /bin/sh-c
prepended to it. Shell scripts can thus be executed from configuration scripts.
The runwait command fails if command
cannot be found or cannot be executed, or if command
exits with a nonzero status.

run Keyword

The run keyword is identical to runwait except that it does not wait for command
to complete.

run command

command is the path name of the command to
be run. run does not fail unless it is unable to create
a child process to execute the command.

Although they are syntactically indistinguishable, some of the commands
available to run and runwait are interpreter
built-in commands. Interpreter built-ins are used when it is necessary to
alter the state of a process within the context of that process. The doconfig() interpreter built-in commands are similar to the shell
special commands and, like these commands, they do not spawn another process
for execution. See the sh(1)
man page. The initial set of built-in commands is:

cd ulimit umask

Printing, Installing, and Replacing Configuration Scripts

This section describes the form of the SAC and port monitor administrative
commands used to install the three types of configuration scripts. Per-system
and per-port monitor configuration scripts are administered using the sacadm command. Per-service configuration scripts are administered
using the pmadm command.

Per-System Configuration Scripts

Per-system configuration scripts are administered by using the sacadm command.

sacadm -G [ -zscript ]

The -G option is used to print or replace the per-system
configuration script. The -G option by itself prints the per-system
configuration script. The -G option in combination with a -z option replaces /etc/saf/_sysconfig with the
contents of the file script. Other combinations of options
with a -G option are invalid.

The _sysconfig file in the following example sets
the time zone variable, TZ.

Per-Port Monitor Configuration Scripts

Per-port monitor configuration scripts are administered by using the sacadm command.

sacadm -g -p pmtag [ -z script ]

The -g option is used to print, install, or replace
the per-port monitor configuration script. A -g option requires
a -p option. The -g option with only a -p option prints the per-port monitor configuration script for port
monitor pmtag. The -g option with
a -p option and a -z option installs the file script as the per-port monitor configuration script for port
monitor pmtag. Or, if /etc/saf/pmtag/_config exists, these options replace _config with
the contents of script. Other combinations of options
with -g are invalid.

In the _config file, the command /usr/bin/daemon is assumed to start a daemon process that builds and holds together
a STREAMS multiplexor. By installing this configuration script, the command
can be executed just before starting the port monitor that requires it.

Per-Service Configuration Scripts

The SAC interprets both its own configuration file, _sysconfig, and the port monitor configuration files. Only the
per-service configuration files are interpreted by the port monitors.

The -g option is used to print, install, or replace
a per-service configuration script. The -g option with a -p option and a -s option prints the per-service configuration
script for service svctag available through port
monitor pmtag. The -g option with
a -p option, a -s option, and a -z option installs the per-service configuration script contained in
the file script as the per-service configuration
script for service svctag available through port
monitor pmtag. The -g option with
a -s option, a -t option, and a -z option installs the file script as the
per-service configuration script for service svctag
available through any port monitor of type type.
Other combinations of options with -g are invalid.

The following per-service configuration script controls two settings:
It specifies the maximum file size for files created by a process by setting
the process's ulimit to 4096.
It also specifies the protection mask to be applied to files created by the
process by setting umask to 077.